As finance leaders grapple with the Corporate Sustainability Reporting Directive and its complex demands, IT collaboration will become increasingly important, writes David Codd Finance Directors and Financial Controllers are working hard to understand the implications of the Corporate Sustainability Reporting Directive (CSRD) and to put the necessary reporting in place in their businesses. But their colleagues in IT also have a vital part to play. This is an unusual challenge for IT, and it’s important to consider how to collaborate effectively. What are the pitfalls to avoid? And how can you build a strong partnership to deliver your sustainability reporting programme? The CSRD, finance teams and IT The CSRD will expand sustainability reporting which will become mandatory for publicly listed companies (plcs) in 2025 for 2024 performance and a year later for all large companies. Finance teams are now performing double materiality assessments and assessing what new measures and information will be required. However, the underlying data itself must be identified and sourced, its reliability established, and processes put in place to extract and interpret the data and report accurately on an ongoing basis. This has the potential to become very onerous. IT support will be critical to an effective and efficient process, i.e. high-quality reporting with minimum manual intervention. An unusual IT challenge This is an unusual challenge for IT departments for various reasons: The scope is exceptionally broad The activities that impact the environment are conducted across an organisation’s operations and – for Scope 3 emissions – through multiple steps in the supply chain. So, the systems and datasets your IT colleagues will have to work with are unusually disparate and will even fall outside the boundaries of the technology estate they control. The standards are still being rolled out IT project managers like clear definitions at the start of a project. However, the first sustainability reporting standards have only recently been released, and the taxonomy for digital reporting is a work in progress. Plus, the “limited assurance” concept will give rise to different interpretations of the quality of the audit trail needed. This is a big project without a conventional monetary business case Chief Information Officers usually have many more attractive-sounding initiatives in the pipeline than they can deliver at once. So, they work with their finance and functional colleagues to prioritise, and resources are allocated based on financial payback or loss avoidance. Your CSRD-driven reporting programme does not neatly fit these criteria.      How to manage risks There are several risks when working with an IT team on sustainability reporting. Confused responsibilities You usually work with a financial systems team, but IT business partners for supply chain or manufacturing operations will already have been partnering with sustainability managers to develop scorecards. Muddled ownership and communications can result in lost time. In a large business, reporting is a full-blown programme consisting of several streams. It needs experienced management to coordinate it and manage the relationship with you. I would also recommend that accountability for IT delivery sits with the head of financial systems, and the IT project manager should sit on the team. This keeps the ownership and lines of communication as simple as possible. Your IT team can’t resource the project Since the 2000s, IT resource has shifted from enterprise systems to ecommerce, data analytics and security. Enterprise resource planning systems teams have been staffed to make incremental changes on the basis that resources can be contracted in as needed. However, consulting firms are now experiencing heavy demand for their sustainability reporting expertise as deadlines approach. The work should be scoped out with IT as early as possible. Most of the scope can be clarified now. Finance and IT should accept that adjustments will be needed, but it’s wise to use resources now and make progress. In this case, perfect is the enemy of good. Motivation The tech community loves stimulating work – through either buying into a goal or working with innovative technology (and preferably both). You need enthusiastic professionals volunteering for this project, but you’re competing with exciting fields such as artificial intelligence and the possibility of going to other employers. The people you need have lots of options. Be aware of the nuanced differences between finance and tech culture and accept that you’re competing for talent. Reach out to the IT community in your business, explain that CSRD prevents greenwashing and that high-quality reporting is a noble undertaking that will help your business to show the world what you’re doing. True partnership is key Recognise the significant challenge presented for both IT and finance by the imperative to develop a quality, efficient sustainability reporting process at pace. A true partnership between finance and IT is the key to successful reporting. David Codd is a Non Executive Director and Strategy and Transformation Consultant

Kevin Empey explores the three phases of flexible work adoption, from foundational steps to future-focused strategies As we enter a new year, there is still a noticeable gap between desired employer policy and employee practice and expectations as to how flexible work arrangements should operate. This gap narrowed in 2023, with both employers and employees taking steps to make flexible working fit-for-purpose more standard practice, but the evolution of more flexible work models is far from over. The employment market in 2024 looks set to be split between two types of employers. First, there will be the employers who continue to be open about how and where work is done with an eye to emerging influences such as artificial intelligence (AI) and the four-day work week. Second, there will be those who revert to more ‘fixed’, pre-COVID work models and mindsets with minor concessions to demands for some form of hybrid working offering.  While other business and employment priorities take over the agenda in 2024, it doesn’t mean flexible work design is done and there is further change ahead.  In our experience, there are three distinct phases in the transition to flexible work models and how organisations are adapting to new and emerging realities. Phase 1: Base camp Some organisations (not many) are still in the early stages of settling on their flexible working vision. They are continuing to lay the groundwork for establishing new work models that cater to evolving work patterns and demands as well as organisational priorities. This phase involves embracing the basics, getting the framework up and running and also considering their flexible working strategy for frontline roles and work that cannot be done remotely. Phase 2: Integration Most businesses find themselves in this second phase. They have spent 12 to 24 months adapting to their declared approaches (the ‘what’) and are now in a position to refine and integrate their flexible models (the ‘how’) with the demands of their business. This involves addressing specific challenges encountered in recent months, bridging gaps between employer policies and employee preferences, and adapting legacy processes and definitions of productivity. The opportunity presented by this phase is to ensure that work redesign will be an ongoing expectation and reality and is just not about getting hybrid right. The risk of this phase is that employers allow poor habits and practices to set in and that the expectation and need for ongoing reform and improvement is not made clear.   Employees are also considering whether their employer’s flexible working models align with what they want. Continued flexibility and ongoing dialogue will be critical to keeping people on board.  Phase 3: Beyond hybrid Organisations that have reached this stage have moved beyond the hybrid conversation. They have integrated hybrid working into a broader flexible work model. Their experiences and approaches provide valuable insights into how this transition can best be managed. A critical theme in this phase is the shift in narrative, where the focus is not solely on the hybrid debate but on achieving work flexibility and adaptability more broadly across the organisation. This will include open work design conversations involving AI solutions, four-day work week options and other influences on how and where work can be done better and faster. This encompasses reforming processes, enhancing employee experiences, reconfiguring workplaces and aligning change with ongoing cultural and transformational agendas. In this phase, the emphasis also shifts to enabling teams to drive changes and improvements collaboratively rather than imposing them from the top down. Furthermore, continuing support for managers to lead ongoing change becomes paramount in ensuring sustained success. It is also quite common to see some organisations shift from one phase to another and back again, as they re-set strategies and solutions with employees and their people leaders. The future agenda  As we move forward into 2024 and beyond, the perspective is shifting beyond the mere transition to hybrid working models. Building on recent hybrid working experiences and fostering a culture of adaptability and agility will be transformative for both employers and employees, narrowing the gap between what employers offer and employees want. The journey towards a flexible and adaptive workplace is ongoing and will continue at pace, with new chapters and milestones on the horizon. Those organisations that prioritise learning from recent experiences and adapting to change as an ongoing habit will be best-equipped to succeed and minimise the employer/employee gap. Kevin Empey is the Managing Director of WorkMatters

With tech-enabled fraud on the rise in Ireland, businesses must carefully assess and manage potential risks, writes Sara McAllister Ireland is a hub for data storage and technology organisations and, as such, we are at the fore of innovation and transformation. There is a flipside, however. As this industry grows and technology evolves, so too do risks associated with fraud. Businesses and organisations in Ireland have become a greater target for fraudulent activity by criminals looking to exploit vast amounts of data created, shared and uploaded every single second. The challenge now is how best to identify, monitor and manage this risk. The National Risk Assessment 2023, published by the Irish government earlier this year, points to Ireland being especially vulnerable due to the scale of technological infrastructure developed here. Its exploitation by bad actors could cause significant disruption. A rise in the volume of fraudulent attacks carried out in Ireland speaks to the appetite of those looking to exploit weaknesses in infrastructure, industry or organisations. With this heightened focus on Ireland, business and organisational leaders here may find themselves under pressure to assess, manage and prepare for risks attached to operations, both in-house and outsourced. Artificial intelligence As new technologies come on stream, the focus on risk reduction will need to move at a faster pace. Advances in artificial intelligence (AI) have helped scale businesses via real-time automation, but this technology comes with its own risks. Ultimately, it is a double-edged sword. On the one hand, AI has been a game-changer in areas like audit and forensics, allowing businesses to deploy ‘needle in a haystack’ algorithms to identify anomalies and exposures. This is one of the reasons we are seeing an improvement in the detection of fraudulent activity. On the other hand, AI has allowed bad actors to identify new opportunities to carry out fraudulent attacks, penetrating weaknesses in the new and novel AI technology businesses are learning to use. Hybrid and remote work Most businesses have introduced remote and hybrid working processes in recent years, and many will continue to review these policies in line with changing business needs. A key consideration in this context is the risk associated with social engineering threats, which rely on human error and can be much more difficult to detect than other fraud-related risks. Where employees work remotely, evidence suggests they are less likely to consider the legitimacy of communications they receive by email, for example, and may be more inclined to respond to fraudulent requests that appear to have been sent by colleagues or superiors within their organisation, creating vulnerabilities across entire business networks as a result. Security training and awareness is the first line of defence against social engineering, yet many organisations fail to sufficiently consider the risks associated with employees working on-site and remotely. Fraud trends Several other trends are raising concern for businesses, too, beyond AI and hybrid working. Synthetic identity theft uses legitimate and fabricated information to exploit vulnerabilities and remains problematic for businesses as it is increasingly difficult to detect. Account takeover fraud remains prevalent and, as the number of personal online and social media accounts increase, so too do attacks by criminals attempting to gain access to personal data or bank details, often through stolen information. Crypto currency fraud, albeit less mainstream, also fundamentally exploits technology control weaknesses to attempt to steal coins, such as Binance Smart Chain, Ethereum and Bitcoin. Necessary risk assessment The heightened risk landscape is part of a changing cybersecurity picture where digital technology is constantly being attacked and weaknesses are identified and accessed by criminals to exploit data and information for their own gain. Fraud risk must always be a key factor for consideration when managing shared infrastructure, data breaches, preventing unauthorised access and engaging with third-party providers, among others. Industry and political stakeholders are acutely aware of the challenges in this space. Without the proper risk assessment, governance and control mechanisms in place, any single attempt at fraud could potentially put a business at the centre of a perfect storm with a highly damaging aftermath.  Sara McAllister is Partner and Head of Business Risk Services at Grant Thornton